From: phcoder <phcoder@gmail.com>
To: The development of GRUB 2 <grub-devel@gnu.org>
Subject: Re: truecrypt support in grub ?
Date: Thu, 16 Apr 2009 18:27:33 +0200
Message-ID: <49E75C75.40706@gmail.com>
In-Reply-To: <20090416211205.7b715cf8@debian>

J. Bakshi wrote:
> On Wed, 15 Apr 2009 18:25:27 +0200
> phcoder <phcoder@gmail.com> wrote:
>
>> Michael Gorven has already implemented LUKS support for grub2.
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> really nice to know. But does it still require the /boot partition to be unencrypted?
>
It's already able to load kernels from an encrypted partition. For the
moment it's too big to fit in the MBR gap, but in the future it could be
squeezed enough. Then you don't need unencrypted partitions at all. For
now, if you want to do this, you need to leave some space before the first
partition.
Be aware that even if such a configuration is nice, it doesn't increase
security in any way. The easiest attack is to replace grub with a
recompiled grub which additionally writes the password somewhere on the disk.
>
>> Using
>> truecrypt with linux partitions is a bad idea - this encryption isn't
>> native to it in any way and also truecrypt is under a GPL-incompatible
>> licence, which means it's unlikely to be incorporated into grub (you
>> need to figure out the on-disk layout of truecrypt and then
>> reimplement it from scratch (but you can reuse ciphers from the luks
>> implementation)). If all you want is to boot windows installed on a
>> truecrypt partition then the best way is to chainload the truecrypt
>> booter. I haven't yet looked into it myself but it seems that the truecrypt
>> booter uses the MBR gap too, which conflicts with grub. However, it can be
>> worked around by dumping the contents of the MBR gap created by truecrypt and
>> replicating the action of tc-mbr (can't be difficult)
>
> eagerly waiting to see grub2 support that
>
Why don't you help us with that? Install truecrypt, dump the MBR and the MBR
gap. Disassemble the MBR and send an explanation of what it does in plain
English here.
> Thanks
>
>> J. Bakshi wrote:
>>> Hello list,
>>>
>>> GRUB2 is a robust boot loader. Is it possible to have truecrypt
>>> encryption support directly in GRUB2? Then we can have a truecrypt
>>> encrypted partition with linux installed and GRUB2 just decrypts it
>>> and loads the kernel.
>>>
>>> Thanks
>>>
>>>
>>> _______________________________________________
>>> Grub-devel mailing list
>>> Grub-devel@gnu.org
>>> http://lists.gnu.org/mailman/listinfo/grub-devel
>>
--
Regards
Vladimir 'phcoder' Serbinenko
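
An added example, not part of the original message and not GRUB code: a Python script that parses an MBR, reports the size of the gap before the first partition that the message refers to, and hashes the boot code plus the gap so that a replaced boot loader shows up as a digest change against an earlier baseline. The disk image, `make_image` and the other function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512

def first_partition_lba(mbr: bytes) -> int:
    """Lowest starting LBA among the non-empty MBR partition entries."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: 0x55AA signature missing")
    starts = []
    for i in range(4):
        # Entry layout: status, CHS start, type, CHS end, LBA start, sector count
        ptype = mbr[446 + 16 * i + 4]
        lba_start, n_sectors = struct.unpack_from("<II", mbr, 446 + 16 * i + 8)
        if ptype != 0 and n_sectors != 0:
            starts.append(lba_start)
    if not starts:
        raise ValueError("no partitions defined")
    return min(starts)

def measure_boot_area(image: bytes) -> dict:
    """Size the MBR gap and hash the region a boot loader occupies."""
    first = first_partition_lba(image[:SECTOR])
    gap = image[SECTOR:first * SECTOR]
    if len(gap) != (first - 1) * SECTOR:
        raise ValueError("image is shorter than the MBR gap")
    # Bytes 0..439 of the MBR are boot code; the disk signature and the
    # partition table (440..509) are left out so repartitioning past the
    # gap does not change the digest.
    digest = hashlib.sha256(image[:440] + gap).hexdigest()
    return {"gap_sectors": first - 1, "gap_bytes": len(gap), "sha256": digest}

def make_image(first_lba: int, n_sectors: int = 2048) -> bytes:
    """Constructed sample disk: one Linux (0x83) partition at first_lba."""
    mbr = bytearray(SECTOR)
    mbr[0:3] = b"\xeb\x63\x90"  # constructed stand-in for boot code
    struct.pack_into("<B3sB3sII", mbr, 446,
                     0x80, b"\0\0\0", 0x83, b"\0\0\0", first_lba, n_sectors)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr) + bytes((first_lba - 1) * SECTOR)

if __name__ == "__main__":
    baseline = measure_boot_area(make_image(63))   # classic 63-sector layout
    print(baseline)
    tampered = bytearray(make_image(63))
    tampered[5 * SECTOR] ^= 0xFF                   # one byte changed in the gap
    print(measure_boot_area(bytes(tampered))["sha256"] != baseline["sha256"])
```

For a real disk, pass the first few MiB of the device as `image`; `measure_boot_area` raises if the read is shorter than the gap.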